SSL Certificate Analysis for dev.config.dataguard.abb.com - Security Grade & TLS Configuration | DNS Gurus

Open Cached · just now

77/100 SECURITY SCORE

Certificate Information

Subject

C=CH, ST=Zürich, L=Zürich, O=ABB Asea Brown Boveri Ltd, CN=waf-abb-cert11.abb.com

Issuer

C=US, O=DigiCert Inc, CN=DigiCert Global G3 TLS ECC SHA384 2020 CA1

Valid From

December 08, 2025

Valid Until

November 17, 2026 304 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA384

SHA-256 Fingerprint

3D:DE:AD:53:E7:47:F5:AE:00:35:D3:0B:4D:CE:17:7E:F0:42:2D:C9:40:7A:69:CE:FB:18:E3:FE:5F:09:CA:FF

Alternative Names

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=15768000 ; includeSubDomains ; preload

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

100 domains

bimagicdesigner.abb.com cylon-planner-mechanical.abb.com e-invoicing-ascc.abb.com eai.abb.com early-streamer-air-terminal-configurator.abb.com industrial-automation-service.abb.com mypulpandpaper.abb.com nam-tools.abb.com rocketweb.abb.com smarterpro.abb.com softstarter-selector.abb.com status-smartpower.abb.com waf-abb-cert11.abb.com www241.abb.com zscalernotification.abb.com api.bimagicdesigner.abb.com api.cylon-planner-mechanical.abb.com api.smissline-designer.abb.com apimanagement.motion.abb.com bolservices-acndev.it.abb.com c4e.eai.abb.com candidate-verification.in.abb.com catalog.industrialsolutions.abb.com classicpartsprojects.motion.abb.com config.dataguard.abb.com dev.cylon-planner-mechanical.abb.com dev.dataguard.abb.com dev.status-smartpower.abb.com ebusiness-acndev.it.abb.com employee-journey.de.abb.com fletch2.elis.abb.com ftp.nam.abb.com harmonicestimator.motion.abb.com instrumentationx.us.abb.com logging.electrificationtools.abb.com medium-voltage-devices.salesconfigurator.abb.com mo-engineeringvault.gb.abb.com motormaster.in.abb.com msgraph.abby.abb.com my.privacy.abb.com myexcitation.industrial-automation-service.abb.com rancher.electrificationtools.abb.com scep01.pki.abb.com stage.cylon-planner-mechanical.abb.com stage.industrial-automation-service.abb.com stage.rap.abb.com stage.www241.abb.com training-certificates.robotics.abb.com usytp-s-webdmz1-2.us.abb.com welcome-configurator.mybuildings.abb.com work-permit.in.abb.com wsftp.us.abb.com api.dev.cylon-planner-mechanical.abb.com api.elacademy-is.coursefinder.abb.com api.electrification.coursefinder.abb.com api.library.test.abb.com api.stage.cylon-planner-mechanical.abb.com api.subscriptions.motion.abb.com condition-monitoring.mining.ability.abb.com ct.el-sales.ca.abb.com dev.conditionmonitoring.traction.abb.com dev.config.dataguard.abb.com dev.employee-journey.de.abb.com dev.logging.electrificationtools.abb.com dev.msgraph.abby.abb.com dev.myexcitation.industrial-automation-service.abb.com dev.us.iapipulpandpaper.abb.com developer.apimanagement.motion.abb.com ftswitch.apps.us.abb.com icl.smartmaster.measurementservice.abb.com integration.dev.industrial-automation-service.abb.com publish.library.stage.abb.com publish.library.test.abb.com qa.conditionmonitoring.traction.abb.com stage.config.dataguard.abb.com stage.harmonicestimator.motion.abb.com stage.in.iapipulpandpaper.abb.com stage.myexcitation.industrial-automation-service.abb.com stage.provisioner.collaboration.abb.com stage.smartmaster.measurementservice.abb.com stage.us.iapipulpandpaper.abb.com stage.work-permit.in.abb.com test.dev.industrial-automation-service.abb.com test.myexcitation.industrial-automation-service.abb.com api.icl.smartmaster.measurementservice.abb.com dev.api.subscriptions.motion.abb.com stage.api.smartmaster.measurementservice.abb.com stage.api.subscriptions.motion.abb.com stage.plc.goselect.motion.abb.com stage.plcconfigurator.goselect.motion.abb.com stage.uam.smartmaster.measurementservice.abb.com stg.condition-monitoring.mining.ability.abb.com test.api.subscriptions.motion.abb.com uam.icl.smartmaster.measurementservice.abb.com

Other domains in certificate

abbnow.com admin.abbnow.com

dependencytrack.test.abilityplatform.abb

kc-dev.br-automation.com

smart-ip-configurator.my.busch-jaeger.de

lowvoltage-configurator.tnb.com